GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-10-22 19:23:59 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10PURX-64D85Y0 rev.01.01A01 931,51GB Running: 88fpii9z.exe; Driver: C:\Users\User\AppData\Local\Temp\aftcaaob.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769f1401 2 bytes JMP 76e2b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769f1419 2 bytes JMP 76e2b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769f1431 2 bytes JMP 76ea9149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769f144a 2 bytes CALL 76e04885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769f14dd 2 bytes JMP 76ea8a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769f14f5 2 bytes JMP 76ea8c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769f150d 2 bytes JMP 76ea8938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769f1525 2 bytes JMP 76ea8d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769f153d 2 bytes JMP 76e1fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769f1555 2 bytes JMP 76e26907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769f156d 2 bytes JMP 76ea9201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769f1585 2 bytes JMP 76ea8d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769f159d 2 bytes JMP 76ea88fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769f15b5 2 bytes JMP 76e1fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769f15cd 2 bytes JMP 76e2b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769f16b2 2 bytes JMP 76ea90c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe[1880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769f16bd 2 bytes JMP 76ea8891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074bb17fa 2 bytes CALL 76e011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074bb1860 2 bytes CALL 76e011a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074bb1942 2 bytes JMP 76146da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074bb194d 2 bytes JMP 7614e8de C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769f1401 2 bytes JMP 76e2b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769f1419 2 bytes JMP 76e2b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769f1431 2 bytes JMP 76ea9149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769f144a 2 bytes CALL 76e04885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769f14dd 2 bytes JMP 76ea8a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769f14f5 2 bytes JMP 76ea8c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769f150d 2 bytes JMP 76ea8938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769f1525 2 bytes JMP 76ea8d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769f153d 2 bytes JMP 76e1fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769f1555 2 bytes JMP 76e26907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769f156d 2 bytes JMP 76ea9201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769f1585 2 bytes JMP 76ea8d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769f159d 2 bytes JMP 76ea88fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769f15b5 2 bytes JMP 76e1fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769f15cd 2 bytes JMP 76e2b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769f16b2 2 bytes JMP 76ea90c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769f16bd 2 bytes JMP 76ea8891 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.2 ----